ClawShield

Security checks across malware telemetry and agentic risk

Overview

ClawShield is a local security-audit skill that stays on the machine, but its reports can include sensitive local snippets and its documentation advertises some missing helper features.

Install only if you want a local OpenClaw audit script. Review generated JSON reports before sharing them, because they may include OpenClaw status, session details, local port information, and matched lines from memory or skill files. Treat the advertised cron, Telegram/email alerting, and panel-server/config helpers as not implemented unless separately provided and reviewed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill declares no permissions, but its documented behavior clearly involves reading local files such as config.yaml and logs/last-report.json, and likely environment access through its Node/Bash tooling. This creates a capability mismatch: users and policy systems may trust the manifest as low-privilege when the skill actually performs filesystem-backed security scanning, increasing the risk of unauthorized data exposure or deceptive privilege expectations.

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The script recursively scans local memory and skills files for prompt-injection patterns and includes matching lines in the generated report, which can inadvertently expose sensitive local content such as secrets, prompts, or internal instructions. In a security-audit skill this behavior is contextually related to the stated purpose, but it is still risky because broad recursive content inspection occurs without clear notice, scope limits, or redaction.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal